Digital Rights Management: “No Excuses”

I’ll start off by diving right into the oversimplified technicals. Skip the next paragraph if you don’t know what AES is.

All digital media is allowed into the wild and can be downloaded via BitTorrent or a similar system. Every item out there in the wild is encrypted with a block cipher. Each item is encrypted with a different key. When a key is issued to a user, it comes in a certificate where the content holder asserts that the particular key is issued to the particular user, possibly with some restrictions.

Put simply, you can download anything for free, but it’s encrypted. You pay the owners to get certificates with keys to decrypt and use stuff you download.

The five laws of the system for the consumer are:

1. You can temporarily use the unencrypted content for playback on your own devices and software players if they don’t already know how to run the “no excuses” system. Therefore…
2. There is “no excuse” for distributing somebody else’s work unencrypted.
3. There is “no excuse” for distributing certificates.
4. There is really “no excuse” for distributing a key without its certificate.
5. There is “no excuse” for misusing keys or otherwise violating some term you agreed to.

This would be almost bonehead easy to implement from the consumer or player side. Managing these kinds of certificates and keys would be straightforward on a desktop computer. It would simply be a plugin for most desktop media players, and the software would be open source.

The requirements for a “no excuses” player would be even smaller. The player would just need to parse key files, decrypt the content, and possibly remove old expired keys.
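
The certificate scheme and the player duties described above (parse key files, decrypt the content, remove expired keys), as an added example that is not part of the original post. Ed25519 signatures, AES-256-GCM, the JSON certificate layout and every function and field name are assumptions made for this sketch.

```javascript
// Added sketch of a "no excuses" key certificate: issuer side and player side.
// Ed25519, AES-256-GCM and all field names are assumptions, not from the post.
const crypto = require('crypto');

// Content holder: encrypt one item under its own random 256-bit key.
function encryptItem(plaintext) {
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { key, item: { iv, ct, tag: c.getAuthTag() } };
}

// Content holder: assert "this key is issued to this user until notAfter".
function issueCert(issuerPriv, user, contentId, key, notAfter) {
  const body = JSON.stringify({ user, contentId, key: key.toString('base64'), notAfter });
  const sig = crypto.sign(null, Buffer.from(body), issuerPriv).toString('base64');
  return { body, sig };
}

// Player: verify the signature before trusting any field in the certificate.
function parseCert(issuerPub, cert, now) {
  const ok = crypto.verify(null, Buffer.from(cert.body), issuerPub,
                           Buffer.from(cert.sig, 'base64'));
  if (!ok) throw new Error('certificate signature invalid');
  const claims = JSON.parse(cert.body);
  if (now > claims.notAfter) throw new Error('certificate expired');
  return claims;
}

// Player: decrypt; the GCM tag check rejects a wrong key or an altered file.
function play(issuerPub, cert, contentId, item, now) {
  const claims = parseCert(issuerPub, cert, now);
  if (claims.contentId !== contentId) throw new Error('certificate is for other content');
  const d = crypto.createDecipheriv('aes-256-gcm', Buffer.from(claims.key, 'base64'), item.iv);
  d.setAuthTag(item.tag);
  return Buffer.concat([d.update(item.ct), d.final()]);
}

// Player housekeeping: drop certificates that are expired or fail verification.
function pruneKeyring(issuerPub, keyring, now) {
  return keyring.filter((cert) => {
    try { parseCert(issuerPub, cert, now); return true; } catch { return false; }
  });
}
```

Expiry here is enforced only by the player’s check: the AES key inside an expired certificate still decrypts the file for any software that skips that check.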

Few consumers are really interested in defeating the system or being mass pirates. We little people just want to listen to our music on our stuff. The rules of the game clearly allow that, even for players that predate the system. They allow it and give the honest consumer a lot more flexibility in playing content on a lot of devices.

Furthermore, it cuts down on download costs, as BitTorrent spreads these out quite evenly.

Mass pirates can still be found.

As a copyright holder, if you stumble on your work being distributed unencrypted, you clearly have recourse, as there is simply “no excuse” for this behavior.

As a bigger distributor or label, if you stumble on a nest of tons of unencrypted files, keys or certs, you still have some tricks in your bag. This is where things get interesting.

Suppose you had a policy of rotating keys every two weeks for all content. When you find an illegal nest of 1000 files, there are some statistical tricks you can pull to narrow down who the culprits are. Furthermore, you can finally get some traction out of that watermarking tech you’ve invested in. Instead of watermarking the content to say “it’s mine,” you watermark it with a nonce you can track later.

On top of that, the value of these illegal schemes will be greatly diminished. The motivations for the otherwise honest person to cheat a system like this vanish as content becomes available in the right forms and for reasonable prices. When the vast hordes of honest people have no use for the pirates, their ability to acquire resources will vanish.

On the legal side of this, consumer and content holders’ rights could be more directly addressed by some sane laws. A quick aside: since we are talking about the law, intent matters. We all know that people make mistakes and software has bugs. To a judge, intent matters. That said, here’s my worthless legal framework:

1. If software purports to support the “no excuses” framework, then it had better implement it. If it can be shown that the writer of the software intended to subvert the system, they can get a civil penalty. That seems like a pretty high legal bar, protecting the honest programmer.
2. Research software is exempt for the duration of the research.

I’d be very curious to get feedback on this. I hope the idea spreads.

By the way, I really despise the term “digital rights management.” Considered in light of the US constitution (I’m American) it gives me the shivers. Maybe “terms of use management” would have been better.

I can think of a good excuse for distributing somebody else’s work unencrypted. If it were under a copyleft or copycenter license such as the Creative Commons, under conditions that permitted such distribution, or if I had expressed permission from the author of the content to do so.

Secondly, on a more abstract plane consider a hypothetical user with 100,000 keys to encrypted files that everyone has access to and can download easier.
Suppose the keys are sold at the cost of 10$ each.
If he spreads all 100,000 keys to 100 people, for free, he has effectively made a gain to the people in terms of access, but since they weren’t going to buy access anyway the situation incurs kind of loss (in that case 0$)? Such an activity would still break these rules and yet be a non-zero-sum type gain, especially if each of those 100 people spread the keys around similarly. Eventually the content producer gets nothing in return, yet their sacrifice (1M$) is outweighed by the value gained by the community at large, supposing that people were willing to pay for it in the first place (since the amount of money (1M$) people saved is equal to the amount of money the content creator would have gotten (1M$), the only difference being a better state of existence for the content pirates), and supposing they weren’t willing to pay for it, it’s pretty much meaningless to say that it changed anything in the condition of the content creator, yet made a better state of existence for the content pirates. It’s a difficult scenario to be in, which Creative Commons helps avoid.

Thirdly, you’re making illegal filesharing easier: the keys will be smaller and easier to index and distribute, just imagine a search engine for them! This is not in the interests of the copyright fascists, I’m sure.

Other people have already brought up the most pressing issue, that un-encrypted non-studio content will continue to be (legitimately) transported around the network.

Another thing is this: how will you force people to rotate keys unless you control the hardware? Certainly, it should be possible to have a master-key type system that accepts several digital keys. The hard part is using crypto alone to force certain keys to expire.

Also, for the watermarking, if the watermark is designed to be robust enough to survive compression and trans-coding, then it is probably robust enough to be detected. The first few pirates might get caught this way, but once the word gets out that there are traps being set, people will find a way around them.

As far as resources being eliminated from pirates by all the legitimate users being able to transcode their files, that simply isn’t the case. The big money on software piracy is made in countries that are too poor to afford anything close to US street price on products. I suppose you could claim that those people want to pay full price on software, in the same way that they want a 2000 sq ft apartment and access to 1st world medical care, but none of those things are going to happen in the near future. It is purely an economic issue. In more developed countries, I don’t see that pirates make much money from their endeavors. I think it is much more of a pride thing that drives them.